At 6:32 AM -0600 12/8/05, Rich Adamson wrote:
> - ensure that you are testing against inexpensive equipment (Sipura
> is an SRTP device which is cheap...)
Did Sipura ever release enough information for folks to make their own
"mini-certificates"? P.17 - P.19 of 841AdminGuide1105.pdf has some
good hints, but I haven't been able to make enough sense of it to
generate one from openssl.
I have not worked with the 841, but have done some research involving the
spa3000 and its use of certificates for updating configs remotely, etc.
Since Sipura products seem to share a large amount of source code, etc.,
between various products, I'd guess the certificate mechanism for the
841 is the same as the spa products.
If you have access to their support web site, there were some documents
that explain how to generate a certificate. However, once the certificate
is generated (which I did on a FC3 stock box), one needed to send the
certificate to Sipura for signing. When I asked where to send it, I was
told to contact sales. I have not done that yet, but apparently there
must be a charge to have that done since the support folks were referring
me to sales. (It also could be part of their merging of products and support
into the Cisco/Linksys group; really don't know for sure.)
The Sipura support seems to have dropped somewhat after the announced
Cisco purchase/merger.
I'd hope that somehow the Sipuras could be used as an encrypted media
endpoint. There was previous use of the Sipuras (with Asterisk, I
suppose?) by Voicepulse in an encrypted stream format, but I don't
know if that ever saw use outside of their firm. It would seem that
generation of certificates would be required for that process, even
if they were self-signed.
Now that we're getting closer to having Asterisk support this
natively, it would be good (required?) to have some method of
building these certs. It may not be possible to use SRTP without
TLS, though, and I don't have the time right now to hunt that down.
I've cc:'ed Marcelo Rodriguez on this, who runs Voxilla. At one
point, I recall that they were issuing mini-certs to Sipura users -
perhaps their methods and/or code would translate to something this
effort could use? I don't know if this same mechanism could be used
for "signing" an Asterisk server cert. Sorry, I'm not too
up-to-speed on this stuff yet, so I might be mixing apples and
oranges. Maybe this is much easier than I think it is....
http://voxilla.com/modules.php?op=modload&name=News&file=article&sid=63
JT